Posts Tagged Zero-day

SANS: Rising numbers of zero-day vulnerabilities

TippingPoint and Qualys, two security companies, took part in a SANS study named “The Top Cyber Security Risks”, which revealed that more than half of all cyber attacks target applications and websites. The report is based on information collected from March to August 2009 from customers using the intrusion prevention systems and network monitoring solutions of both companies.

According to the report, the number of vulnerabilities discovered in applications exceeds the number found in operating systems. Bugs in Adobe PDF Reader, QuickTime, Adobe Flash, Microsoft Office and popular web browsers are frequently used to spread malicious code over the internet.

Over the same period the study found that organizations take twice as long to patch network applications as they do operating systems, even though operating systems have fewer vulnerabilities. At the same time, no widespread operating-system worm was detected apart from Conficker.

One of the most serious threats noted in the report is that some major software companies are not focusing on providing fixes for several zero-day vulnerabilities; as a result, some bugs have remained unpatched for more than two years.

A very interesting study; you can find more details about it here.

make sure you subscribe to my RSS feed!

Methods to Avoid Zero day attack

Updating software packages, configuring the firewall properly and implementing an antivirus solution can help guarantee good security for a home user. But when it comes to a corporate information system that provides services to a public network and is reachable from outside, security has to be taken more seriously.

Different vulnerabilities and interconnected systems create new types of threats and malicious attacks, so it is recommended to implement an intrusion detection and prevention system (IDS/IPS). One of the most important elements of an IDS/IPS is an up-to-date signature database together with a good policy rule-set, so that a high rate of attacks is detected. In Snort, for example, alerts carry three priority levels: the first is the most critical and signals a dangerous event, while the second and third are just calls to action, alerting on some unusual activity.

Maybe you will ask how you can benefit from all these logs. Log monitoring is very important in preventing attacks: for example, carrying out an SQL injection takes attackers from 15 minutes to 3 hours, while exploiting an unknown service vulnerability can take even longer. During this window it is possible to stop attacks that could cause great damage. So here it is a time metric!
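To make the two points above concrete (Snort's priority levels, and the fact that a slow attack leaves a detection window), here is an added example that is not part of the original post: a small Python triage script that parses Snort's "fast" alert format, counts alerts per priority, and escalates a source that fires repeated priority-1 alerts against the same host inside a 15-minute window. The sample log lines, rule IDs, addresses and the year are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Snort "fast" alert format. Rule SIDs (1000xx),
# messages and addresses are illustrative placeholders, not real rules.
SAMPLE_ALERTS = """\
08/10-10:00:01.000000  [**] [1:100001:1] WEB-MISC SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:80
08/10-10:03:40.000000  [**] [1:100001:1] WEB-MISC SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.0.2.10:80
08/10-10:09:12.000000  [**] [1:100002:1] WEB-MISC SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51251 -> 192.0.2.10:80
08/10-10:15:00.000000  [**] [1:100010:1] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.4:4444 -> 192.0.2.10:22
08/10-13:30:00.000000  [**] [1:100020:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
"""

# One fast-format alert per line: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, src -> dst.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Response expectation per Snort priority, following the post's reading:
# 1 = dangerous event, 2 and 3 = unusual activity worth a look.
PRIORITY_ACTION = {1: "page on-call now", 2: "investigate this shift", 3: "review in daily log triage"}

LOG_YEAR = 2009  # assumed: the fast format carries no year


def parse_alert(line):
    """Return a dict for one fast-format alert line, or None if it does not parse."""
    m = FAST_ALERT_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    a["ts"] = datetime.strptime(a["ts"], "%m/%d-%H:%M:%S.%f").replace(year=LOG_YEAR)
    a["prio"] = int(a["prio"])
    # Strip the port (IPv4 only; ICMP entries have no port at all).
    a["src_host"] = a["src"].rsplit(":", 1)[0]
    a["dst_host"] = a["dst"].rsplit(":", 1)[0]
    a["action"] = PRIORITY_ACTION.get(a["prio"], "unknown priority")
    return a


def triage(log_text, window=timedelta(minutes=15), repeat_threshold=3):
    """Count alerts per priority and escalate repeated priority-1 hits inside `window`."""
    by_priority = defaultdict(int)
    events, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        a = parse_alert(line)
        if a is None:
            unparsed += 1  # keep a count: silent drops hide sensor problems
            continue
        by_priority[a["prio"]] += 1
        events.append(a)

    # Group priority-1 alerts by (source, target) and look for `repeat_threshold`
    # alerts inside one window: that is the attacker's 15-minute-to-3-hour
    # working time the post talks about, caught while it is still happening.
    buckets = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["prio"] == 1:
            buckets[(e["src_host"], e["dst_host"])].append(e["ts"])

    escalations = []
    for (src, dst), stamps in buckets.items():
        for i in range(len(stamps) - repeat_threshold + 1):
            if stamps[i + repeat_threshold - 1] - stamps[i] <= window:
                escalations.append({"src": src, "dst": dst, "count": len(stamps),
                                    "first": stamps[i], "last": stamps[-1]})
                break
    return {"by_priority": dict(by_priority), "unparsed": unparsed, "escalations": escalations}


if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print("alerts per priority:", result["by_priority"])
    for esc in result["escalations"]:
        print(f"ESCALATE {esc['src']} -> {esc['dst']}: {esc['count']} priority-1 alerts "
              f"between {esc['first']:%H:%M:%S} and {esc['last']:%H:%M:%S}")
```

The window and threshold are deliberately parameters: the right values depend on how noisy the rule-set is, which is exactly why the post insists on a tuned policy and not just a big signature database.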

There should also be a vulnerability assessment (VA) in place. Take a look at the Complete Guide to the Common Vulnerability Scoring System (CVSS) version 2 developed by FIRST; it can help in understanding the different types of attack. It is necessary to integrate protection into the global environment and to be ready to fix any zero-day attack.

New vulnerabilities are discovered and published every day. As a result, staying up-to-date is a must.

BIND 9 vulnerable to DoS

Internet Systems Consortium and US-CERT warned of a new vulnerability in the DNS server code of Berkeley Internet Name Domain 9 (BIND 9); it can lead to a crash of the popular BIND 9 DNS server.

Richard Hyatt from BlueCat Networks Inc. alerted of the new zero-day vulnerability and encourages all customers to patch their servers as soon as possible, since the existence of an exploit for this zero-day vulnerability is confirmed.

Yesterday US-CERT released an advisory that contains a list of the BIND 9 versions affected by this vulnerability, in which you can find Ubuntu, while Nominum is not affected.

The advisory explains that an attacker can remotely crash the DNS server by sending a specially crafted dynamic update packet, after which the DNS server has to be restarted manually.

So secure your stuff and keep working!

New Excel 0-day being exploited in the wild

Symantec reported that there is a new 0-day vulnerability in Microsoft Office Excel (other versions may be affected as well). Symantec says that the vulnerability is being exploited by a variant of the Mdropper trojan, which they are calling Trojan.Mdropper.AC.

There is no patch for the vulnerability yet, and the only workaround available at the moment is to not open Office documents from untrusted sources.